package com.example.validate;

import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;
import java.util.logging.Level;

import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;


import com.sun.appserv.jdbc.DataSource;
import com.sun.corba.se.impl.util.Version;

/**
 * Servlet implementation class AddReviewServlet
 */

@WebServlet("/addReview")

public class AddReviewServlet extends HttpServlet {
	//fields
	private static final long serialVersionUID = 1L;
    private static final Map <Character, String> encodedTable = mkencodedTable();
    
    
    
    private static synchronized Map <Character, String> mkencodedTable(){
    	Map <Character, String> map = new HashMap<Character, String>(6);
    	map.put((char)38, "&amp");
    	map.put((char)60, "&lt");
    	map.put((char)62, "&gt");
    	map.put((char)34, "&quot");
    	map.put((char)39, "&#x27");
    	map.put((char)47, "&#x2F");
    	
    	return Collections.unmodifiableMap(map);
    }
    
  
    /**
     * @see HttpServlet#HttpServlet()
     */
	
    public AddReviewServlet() {
        super();
       
    }

	/**
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
		request.getRequestDispatcher("/add_review.jsp").forward(request,  response);
	}

	/**
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		//Get params
		//System.out.println("DoPost");
		
		//sanitize and forward request
		//request.setAttribute(name, encodeForHTML(name));
		//request.setAttribute(review, encodeForHTML(review));
		
		
		request.getRequestDispatcher("/add_review.jsp").forward(request, response);
		
		
		Connection con = null;
		PreparedStatement pst = null;
		DataSource ds = null;
		InitialContext ctx = null;
		
	
		String url = "jdbc:mysql:lut2";
		
		try {
			
			//session.getAttribute("name")
			//session.getAttribute("review")
			//session.getAttribute("school_id")
			String school_id = request.getParameter("school_id");
			String name = request.getParameter("name");
			String review = request.getParameter("review");
			
			String n = encodeForHTML(name);
			String r = encodeForHTML(review);
			
			
			String insert = "INSERT INTO user_reviews VALUES(?, ?, ?)";
			ctx = new InitialContext();
			ds = (DataSource)ctx.lookup("jdbc/lut2");
			con = ds.getConnection();
			//TODO: Insert sql
			
			
			pst = con.prepareStatement(insert);
			pst.setString(1, school_id);
			
			pst.setString(2, n);
			pst.setString(3, r);
			
			//System.out.println(pst);
			pst.executeUpdate();
			
			
		}catch(SQLException ex){
			 Logger lgr = Logger.getLogger(Version.class.getName());
	         lgr.log(Level.SEVERE, ex.getMessage(), ex);
		} catch (NamingException e) {
			// TODO Auto-generated catch block
			Logger lgr = Logger.getLogger(Version.class.getName());
			lgr.log(Level.SEVERE, e.getMessage(), e);
			e.printStackTrace();
		}
		
		
		
	}
	
	//Rule 1 OWASP
	public String encodeForHTML(String input){
		//System.out.println("encode");
		StringBuilder sb = new StringBuilder();
		for(int i = 0; i < input.length(); i++){
			char c = input.charAt(i);
			//replace
			if(encodedTable.containsKey(c)){
				//System.out.println("hei");
				String value = encodedTable.get(c);
				sb.append(value);
				continue;
			}
			sb.append(c);
		}
		System.out.println(sb.toString());
		return sb.toString();
	}
	
	

}
